Archive for December, 2012

As we reach the end of the year, my thoughts turn to the passage of time, and its measurement. Do any of us know how to measure? The question may sound facetious, but I want you to contemplate what I am asking. Measurement is a starting point for risk management and business assurance. We make management decisions based on what is measured. But how much effort is expended on measurement, and is the measurement fit for purpose? Perhaps this is a good time of year to reflect on how the human race measure those things that are not easy to measure – like the passage of time – and some lessons from the history of measurement.

Consider the following. All of us know how to read dials. But measurement is not the same as reading a result from a measurement device. I know how to read the hands on my watch. But I have never made a watch. I can read the speedometer in my car. But I have never made a speedometer. I can understand a dashboard report, even if I have no idea about the way data was collected and manipulated to produce that dashboard report. And I can imagine making a tape measure, but I would probably make it by marking off the units of length by comparing it to an existing standard – like another tape measure. So I know some things about measurement, and also some of the limits of my knowledge. Would I know how to measure a property that has never been measured before, when I have no pre-defined tools or standards to help me? This is exactly the challenge faced by business assurance and risk management. We are confronted by the need to measure things that are not easily susceptible to measurement, and for which there is no great history of developing the methods for measurement. We want to measure error rates, and their consequences. We want to measure the probability of uncertain outcomes. We want to measure the costs and benefits associated with those outcomes. Nobody disagrees with those assertions, and they are often repeated. But how often do we discuss and improve the tools and standards used for measurement? Rarely. Too rarely. And lacking the tools, we can fall into a trap, building towers of rational decision-making upon irrational foundations.

I devoted a chapter of our book to the topic of epistemology, the study of what can be known and the limits of knowledge, and how it applies to revenue assurance. At the time, I knew this was a challenge to many. Some were bound to consider it vexatious. Others would take a more convenient approach, and just pretend there are no obstacles to overcome – just delegate measurement to somebody else, in the hopes they solve the problem or else will make up answers to appease their bosses. In hindsight, I should have been put even more effort into dealing with the crux of the epistemological obstacle, which is our ability to measure. It is not enough to identify that we have problems, or even their causes. We also need to know the scale of our problems, in order to decide if it is cost-effective to address those problems.

Consider the following scenario. A consultant wants to puff out their chest and show off their expertise. They are asked about rates of revenue leakage, in order to justify the cost of the services they offer. So they give an answer. What method did they pursue to arrive at their answer? Well, they asked the opinions of others. They reported what their instincts told them to be true. They state that somebody else found something else somewhere else in the past, and so, by analogy, the scale of problems will be similar in the here and the now. Now imagine a scenario where I ask the same consultant to measure time, without the use of a timepiece. The consultant has an instinct for whether one duration was longer or shorter than another. The consultant can ask other people what they thought was the amount of time that elapsed. And, in a crude way, for long enough periods, the consultant will be able to measure time by the movement of the sun, and the passing of days. But that is the limit of what they offer. And what they offer is very crude, and hence not useful for decision-making. We cannot use the consultant’s estimations to manage our daily affairs, and nor can we afford to suffer devastating losses just so we can find out that we are suffering from serious problems. Now imagine I am on a 17th century ship, sailing the oceans, and I want to know where I am. Once again, I ask the modern-day consultant, who has been magically transported back in time and placed upon the deck of this ship. We know that if we can measure the current time and compare this to the time at an independent reference point, we can determine our longitude. But none of us possess a clock. So the consultant does a survey of the sailors on the ship, asking them what they think is the time at Greenwich. He tells me what they said, and what his instincts say. So, in a way, he answered the question. But his answer is less than useless, because it is so likely to be wrong. If we want a proper answer, somebody needs to invent a precise clock that works at sea. And that is no trivial problem. In fact, that particular problem was so difficult that the British government offered an enormous prize to anyone who could make such a clock. As the Greenwich Museum points out, what we take for granted now was an extraordinary challenge back then:

Like squaring the circle or inventing a perpetual motion machine, the phrase ‘finding the longitude’ became a sort of catchphrase for the pursuits of fools and lunatics. Many people believed that the problem simply could not be solved.

The successful inventor needed to devise a practical solution that represented the cutting edge of science and engineering. John Harrison was the man who eventually solved the problem of how to make an accurate maritime clock, and he spent most of his life doing so. Even then, there was resistance to giving him his proper thanks and reward. Harrison had to petition the king to receive his prize!

And therein lies the heart of our problem too. No ship’s crew was going to solve the longitude problem on their own. The solution was produced because a great deal of investment was needed to come up with a solution that benefited many. The same is true of our many metaphorical ships, our telcos, bobbing around on the endless ocean of rough guesses, lacking the tools and standards to measure properly. In other words, the solution to our problem lies in overcoming a very serious obstacle that none are properly incentivized to tackle. Most of the people tackling the problem have entirely the wrong skills. It takes a degree of expertise to conduct a survey, but even the best survey is woefully inadequate for this challenge. And measuring the time and location accurately means resisting all temptation to give the answer we would like to be true. This challenge will not be addressed by opinion and puffed-out chests. It demands science and engineering.

“At the heart of science is an essential balance between two seemingly contradictory attitudes – an openness to new ideas, no matter how bizarre or counterintuitive they may be, and the most ruthless skeptical scrutiny of all ideas, old and new. This is how deep truths are winnowed from deep nonsense.”

Carl Sagan

Risk management and business assurance pass Sagan’s first test. Any practitioner must be open to the idea that people and their systems are, in general and in aggregate, more fallible than any specific individual believes themselves to be. That is an incredibly counterintuitive idea. Well done to us, for having apprehended the truth. But we fail the second test. Our scrutiny is far from ruthlessly sceptical. When reading through the literature on enterprise risk management, I am permanently reminded that for all the advice and theorizing on display, there is a systemic failure to address the fundamental challenge: how to measure risk. People skip ahead to outlining what to do about it, as if they already had a decent measure. That is like deciding to change course on a ship, without knowing where the ship currently is. Or they spend all their time identifying risks, as if a long laundry list of worries can magically rearrange itself into a prioritized plan of action. That is like reading a map without ever plotting a course. And compared to the literature on enterprise risk management, the literature on business assurance for communications providers is greatly inferior. This should not be a surprise. The former draws upon a vast pool of global resources. The latter draws on a much smaller collective pool of knowledge and talent. At least sailors had a bedrock of truth they could use to calibrate poor guesswork. They would spot land, and find themselves a long way from where they thought they were. Or they would starve at sea. Starving at sea is a non-trivial consequence of inaccurate map-reading and measurement. Perhaps some consultants would improve if they were made to fast for every inaccurate forecast they made, but even this would be an imperfect feedback mechanism. Some of our leakages may never be detected, if we do not look for them, and the nature of uncertainty means it is always debatable how far we can calibrate measurement of future risks based on what has happened in the past.

Many years ago, a few people liked a metaphor I came up with, which was designed to illustrate the essence of our epistemological dilemma. I described leakage as an iceberg, with some above water, and hence visible, and some below water, and hence invisible. We know our knowledge is imperfect, and incomplete. When we measure visible leakage, we are not truly measuring the whole iceberg, because we also expect some of it is hidden from view. Those were the days before I started blogging, and I would routinely include a few slides on the iceberg whenever I did a conference presentation. They say imitation is the sincerest form of flattery, which I suppose means that some people flattered me a lot, not that they had the good grace to mention their source. Such is the wisdom of some consultants – they claim to know a lot, but cannot say where their knowledge comes from. The metaphor of an iceberg floating in the water also leads me to another historical analogy. Many know the story of Archimedes, who had a great insight whilst lying in his bath, exclaimed ‘eureka!’, leapt out and ran down the street naked. Archimedes had discovered a new and precise form of measurement, which worked by calculating the volume of water displaced by a submerged object. It was a moment of genius. And that is what we need, and what I have been waiting for since coining the iceberg metaphor. Guesstimates, instincts and crowd-sourced surveys will never deliver useful results. What we need is a eureka moment, where practical and precise measures will revolutionize decision-making, giving meaning to all the activities that have already been mapped out as coming after proper measurement. Or maybe we need many eureka moments, like John Harrison’s many timekeeping innovations. What we cannot do is to treat the problem as solved just because it is darned inconvenient that the problem has not, in fact, been solved.

Writing that, I feel like my next words should be to share a eureka moment on how to improve measurement. Sadly, words fail me. I have no bold new insight on how to radically improve measurement. Maybe our measures will develop like John Harrison’s timepieces – through many small but important improvements over the course of a lifetime. But perhaps I should forgive myself. For now, my eureka moment is much simpler: to motivate an improvement to our measures, we must begin by consciously recognizing the need to improve. And our next task also becomes plain. We need somebody to offer a great big reward to whoever invents those improvements. Perhaps somebody will step forward to motivate progress in 2013. Either way, as the calendar turns, I wish you a happy new year.

Australian operator Telstra has started to issue refunds after the discovery that its outbound mobile roamers have been overcharged for data services since 2006. The total refund is expected to be approximately AUD30mn (USD31mn). You can read the full story from here.

The overcharging was discovered by an audit within Telstra. A spokesman for the company reportedly said:

Telstra became aware of an issue whereby some customers were charged multiple data session fees due to the way international carriers generate their data usage records. Once we identified the issue, we put immediate steps in place to prevent further multiple charging.

It is surprising that the inaccurate charging was undetected for six years and staggering to think of the number of bills Telstra will have had to review in order to provide refunds to consumer and business customers.

Yes, it is surprising – unless you know how telcos really work. Most consumer protection advocates know as much about telecoms as you would expect a typical media studies/social policy graduate to know. They know what the service providers say publicly, and what they can see from their own bills, but nothing else. That is why the industry has to police itself. No external party is going to do an effective job. When you know how most telcos behave, you realize the real surprise is that Telstra did an audit that was thorough enough to discover this problem. Instead of criticizing Telstra for auditing this area once in 6 years, it should be pointed out that most telcos would never have audited this. In fact, there must be other telcos that have overcharged their customers for the same reason, but who continue to be ignorant of this problem. Note the circumstances of this error: customers are not complaining about the specific issue, Telstra is being paid the amounts it has billed, and the error stemmed from flawed data supplied by other telcos. This is how the error was described:

International carriers send data files to Telstra via a data clearing house for billing, and sometimes the carriers cut long data sessions into segments. The data files passed from the carriers have an indicator for when a data file relates to a part data session or a full data session.

It is understood that some carriers left the indicator for a part data session blank and that was interpreted by Telstra as a full data session, resulting in the data session fee being applied multiple times for a single data session.

Another crucial lesson here is that many of the self-appointed pontiffs of ‘revenue risk management’ would never have found this error, hence contributing to the widespread delusion that revenue risks only relate to frauds and accidental undercharging. Why would the Gadi Solotorevskys of this world have missed this error? Firstly, and most importantly, it does not matter what software you use or how much data you crunch. This kind of error will only be discovered by a human brain… and we all know how the software-worshipers feel about telcos paying good wages to skilled and knowledgeable people who can think outside of the box. Their goal is to put everybody in a box, and then to get rid of everybody, because they’ve progressively automated the box. But the truth is that there are many errors that will never be discovered by simply crunching more and more data, over and over again. Second, software developers like Solotorevsky have a prejudice against audits. They market their tools as an alternative to audits. They say that audits are not ‘proactive’ enough. Rubbish. There is no good reason to present a false choice between software or audit. It is better to have both. Audits demand an open mind. Audits should, on a recurring basis, scrutinize even those areas that have already received a superficial ‘all clear’ from other checks and controls. Audits can reveal all sorts of flaws, including flaws in how people behave and think and flaws in how automated systems work. They even reveal flaws and limitations to the systems purchased to do automated checking and gaps in the controls implemented by the company’s control gurus. A real risk manager loves a good auditor, because a good auditor has the time, skills and opportunity to really examine everything that may go wrong. Good auditors deliver the ultimate validation of whether risk management has succeeded in its task, and they serve as the ultimate guardians that stop real problems from continuing indefinitely.

Nothing trumps smart, dedicated people with the humility to really check that everything works as it should. And sadly, when these guys do their work, they usually get criticized for not doing it sooner, instead of being thanked for doing it well. They get squeezed on all sides: by their doubting bosses who see no benefit in checking for errors and who expect miracles whilst paying the bare minimum, by consumer protection gobsh*tes, by ineffectual regulators, and by avaricious VC-backed tech firms that pretend software is a substitute for human intelligence. Telstra deserve credit, as they take on the hard task of refunding their customers. Six years is a long time, but better late than never. If we listened to some people, then there would be plenty of errors that remain undetected, but would be allowed to go on harming telco businesses, or harming telco customers.

Meanwhile, another Indian vendor, Connectiva, went bust, though this was not clear at the time because its bosses kept pretending they were still in business. Unpaid and disgruntled Connectiva employees demonstrated the power of the internet to subvert official communication channels (or the lack of communication) by launching their own anonymous blog.

Subex, the leading Indian vendor of business assurance, announced a string of new sales whilst continuing to negotiate a restructuring of their FCCB debts; see here. And then, for good measure, they announced yet another multi-million dollar contract. WeDo were upbeat after announcing stable results for the 2011 financial year, but they talked darkly about a challenging market and hinted that intense price competition might drive some of their rivals under; see here. And TEOCO, the Virginia-headquartered vendor that specializes in cost management and analytics, showed where they thought the market was heading. They purchased Schema, a company that specializes in RAN optimization, for an undisclosed price.

In contrast, regulators continued to do what they are best at: nothing. Ofcom, the UK regulator, published an action plan to deal with bill shock. The plan was fine apart from the lack of action.

Although Connectiva’s bosses continued to pretend they were a going concern, their problems became even more obvious when they sold off their parser code.

May

WeDo acquired Connectiv Solutions, US providers of cost management and network efficiency tools, with the intention of cross-selling Connectiv’s offerings and getting better traction in the massive US market. At the other end of the scale, Xintec raised EUR900k from seed funding and government schemes. The small Irish company offers RA and FMS solutions targeted at the smaller telcos who have not been well served by the larger vendors. And at the very bottom of the scale, Connectiva (note the ‘a’ on the end of the name) was negotiating a deal to be sold to Mara-Ison, the Dubai-headquartered IT services firm, whilst their bosses were still telling customers that all was fine. The sale was eventually confirmed in a very discreet way, as if Mara-Ison was embarrassed by the deal.

Lovers of big government cheered when Ghana’s regulator announced a CDR audit of the country’s six operators. The audit would determine if the government was receiving all the tax it was entitled to. On the other hand, haters of big government cheered when Nicholas Merrill, tired of government gagging orders and invasions of privacy, proposed to launch an ISP where privacy and cryptography would be so thoroughly built-in that literally nobody would be able to snoop on his customers or found out their details – not even him. For more about Merrill and his Calyx Institute, see here.

June

As part of the deal to restructure Subex’s FCCBs, Subash Menon, founder of Subex, and Sudeesh Yezhuvath, Subex COO, agreed to forgo their ‘golden goodbye’ payments in the event of leaving the company. Menon also stood down as Chairman, whilst retaining his position as CEO. The results announced for the previous financial year were broadly stable; for more, see here. Meanwhile, WeDo’s purchase of Connectiv appeared to have delivered them a rapid return, after they announced a deal to supply revenue assurance services to ‘one of the largest carriers in the United States’.

July

Two coincidental reports showed that whistle-blowing is a crucial and cost-effective mechanism to detect and prevent fraud. To find out more about the reports by the The Ethics Resource Center of the USA and the Association of Certified Fraud Examiners, you can look here. Meanwhile, the US comms regulator, the FCC, looked for evidence of fraud and waste in a program to supply free phones to the poor, and concluded that they could save USD200M by implementing simple controls to tackle abuse.

More good news for WeDo came in the form of successful diversification into the retail sector; they announced new retail sector customers in Russia and the USA. On the other hand, KPMG’s attempts to secure some news coverage backfired because of gratuitous exaggeration. One of their goons said that African utilities are losing 40% to 45% of revenues on average due to improper billing. He failed to mention which of these firms had their accounts audited by KPMG.

August

Subex announced ‘tough’ results for their Q1, with revenues well down. However, CEO Subash Menon vaguely promised that this was due to the way that revenues were being recognized, and that the numbers would bounce back in later quarters.

Shahid Ishtiaq of Etisalat revealed his second ground-breaking idea for improving the efficiency of revenue assurance. Shahid blogged for talkRA about the in-house development of the CRAWLER tool for cheaply combining assurance data from multiple sources so it can be easily interrogated by an analyst. The idea has since caught the attention of London-based vendor Cartesian, who graciously acknowledged that Shahid inspired their ideas about ‘horizontal assurance’. If you were unaware of Shahid’s first ground-breaking idea, then feel free to ask cVidya’s CTO where he gets his product ideas from. The self long-serving head of the TM Forum RA group received yet another award from the TM Forum for his long-servitude, but failed to name any individuals that he steals uncredited ideas from voluntarily contribute their telco’s IP to the TM Forum.

August was a good month for gadget-loving readers of talkRA, and also for the publishers of our book. Revenue Assurance: Expert Opinions for Communications Providers was made available as a Kindle e-book, and it promptly leapt up the Amazon rankings. If you forgot to buy a present for that beloved revenue assurance analyst who brightens up your life, now you can download the book, instead of waiting for the postman.

September

Subash Menon stepped down as CEO of Subex, only retaining the role of a non-independent director. Industry peers expressed sympathy and admiration for Menon, noting how he had remained charming and personable, even whilst being a tough competitor who built a global market leader from the ground up. Things might have been very different if Subex had walked away from the opportunity to buy Syndesis, a firm that cost far more than the meagre returns that Subex was able to squeeze out from it. Worse still, the FCCBs used to finance the purchase were turned into a noose around Subex’s neck by forex and stock market movements. Menon slipped the noose thanks to a second renegotiation of the FCCB terms, but a downturn in results for Q1 and subsequent quarters finally prompted the departure of the man who gave his name to Subex. Surjeet Singh, former Patni CFO, was rumoured to be Subex’s in-coming boss, and those rumours were subsequently proven true.

The bond between fraud management and security became stronger and stronger over the year, and this was emphasized by the release of the 2012 Lookout Mobile Security Report. The report identified the disturbing prevalence of mobile malware designed to secretly contact premium SMS numbers. Concerns focused on Russia and Eastern Europe, with Lookout finding that 41.6% of Russian devices are infected with malware or spyware. Separate stories reinforced the point, including BBC coverage of disgruntled Russian telco customers, and a large fine for a Russian-owned firm selling dodgy Android software in the UK. Look here for more.

October

October was silly number season, proving that it is sometimes impossible to exaggerate how bad things really are. It brought vindication for believers in bill shock, consumer advocates who condemn telcos for sloppy errors and giving poor customer service, and those of us who know regulators never get anything done. That vindication came in the form of a bill for 11,721,000,000,000,000 Euros received by an unemployed child minder in France.

However, this was not the most ridiculous number that the telecoms industry generated in October. The buffoons at Global Telecom Business decided to associate Alon Aginsky, cVidya CEO, with the number 95, when they claimed Aginsky is the 95th most powerful person in telecoms. Several thousand telecoms executives would have complained, if they were not busy running much bigger and more profitable companies than Aginsky does.

Not wanting to be overlooked during silly number season, Subex’s new management team made some extraordinary boasts for how much their tools boost productivity. The numbers were extraordinary because they were both large, and incorrectly calculated.

November

Silly number season was ended with a jolt by the publication of Subex’s Q2 results. Contrary to promises made after the Q1 release, revenues were further down and a large provision was taken for bad debt. The notes also revealed that Subex was disputing a bill for unpaid taxes dating back to 2006.

In a surprise move, a UK government official gave some good and honest advice that people should hear, even though others want to suppress it. Andy Smith, who is a security manager for the UK Cabinet Office, told a conference that it is sensible for internet users to provide false names in order to protect themselves from abuses of their identity. Soon after, UK mobile operator O2 suffered yet another outage, infuriating one anonymous individual who emailed me copy for an excellent guest post explaining why operators must invest more in business continuity. I was happy to oblige.

December

There was no news in December. Seriously. No news at all. Apart from the lack of news. If you want a list of no-news-so-far stories that I forecast will be news stories in future, then here they are:

More telcos will merge or co-locate their tech security and fraud management teams in order to deal with the overlapping issues raised by ever more sophisticated cybercrime and malware.

Huawei has not yet squeezed into the RA and FMS consulting/SI market, but it is only a matter of time before they offer a carbon copy of somebody else’s methodology whilst trying to gain share by driving prices even lower. Huawei will soon do a lot more in this space, if only to protect management face in case ZTE gets any unexpected traction with pushing their RA and FMS lines. However, Huawei will have problems making progress chiefly because they will want to reward their staff less than they could have earned by working for some of the best-paying telcos. As such, they will not be able to fully lever their existing global customer base, and their new assurance offerings will primarily be sold within China.

Simpler tariffs and the migration of some traditional forms of traffic to internet-enabled substitutes will lower the need for retail-facing telecoms assurance. There will be an uptick in demand for inter-business assurance as content supply and payment chains get more complicated, but this will go unreported because these forms of assurance will be bespoke for each situation and so will defy categorization or automation.

Concerns about short-term costs and cashflows mean that Subex will not adopt a long-term R&D strategy to rejuvenate their business. They will struggle to find ways to differentiate themselves from competitors like cVidya, meaning they will not improve results in either the short term or long term, and will continue to be caught in the trap of fierce price competition. However, they will maintain a core of profitable long-term relationships with their key customers.

Big data technology will erode the business case for more specialized and niche deployments of technology in order to scrutinize large volumes of data; for example, revenue assurance systems. However, the erosion is gradual and will go largely unreported.

WeDo will be the first major vendor of telecoms business assurance that will generate more than half of its revenues by selling assurance products and services to companies outside of the communications sector.

The changing cost dynamics of technology mean Xintec and other small players will start to compete for projects that previously would have only been pitched to the larger vendors. This, in turn, will encourage the very smallest CSPs to start thinking about open source software for core assurance tasks.

Even bigger economic trends will start to rebalance the cost advantages of employing staff from developing countries. As Western European telcos continue to slim down their workforce, older practitioners with very significant experience will come on to the market, and they will start to form alliances to counter the divide-and-conquer mentality that will otherwise accelerate price competition for skilled manpower. Some of these alliances may congregate around strong niche brands where the competitive pitch will be based on providing the highest calibre of staff rather than the lowest price.

Company boards will lack the requisite skills to oversee the handling of increasingly significant cybersecurity risks so they will come under increasing, but vague, political pressure following every new scandal. However, there will not be any meaningful change in the expectations set for corporate boards because legislators and regulators also lack the skills to determine what should be done. Over time, government understanding will rise as a by-product of greatly increased government investment in cybersecurity. Some governments will allow public resources to be helpfully deployed to also assist business, some will try to dictate terms to business under the cover of ‘cooperation’ in the hopes of keeping down the cost to the public purse, and some governments will start instructing private businesses to do things that are neither in the interests of their shareholders or the public at large. The securest nations will be the ones which spend most public money on cyber defence.

The disruptive influence of the internet will accelerate until it becomes the new status quo for business networking and disseminating information. Business models that rely on attending conferences, advertising in printed journals and other traditional forms of marketing and salesmanship will become secondary to new ways of doing business. Organizations and marketing teams that are rooted in the old forms, like the TM Forum, will deploy a lot of resources to resist or hijack the transition, but this will only be a stay of execution unless they eventually emulate other entities that have dropped the physical side of their business in favour of doing everything through a digital and virtual medium. The transformation will lead to certain kinds of jobs being lost without there being an equal compensating rise of new vacancies.

Nobody has bought cVidya yet, and nobody will. It is more likely that when the money runs out, we will see a re-run of how cVidya was combined with ECtel, with a merger being brokered between them and another middling Israeli tech firm.

Phew. What a year that was. In 2012, talkRA covered more news than any year previously, and that was despite the fact that much of the news – like Connectiva’s collapse – could not be found in press releases. It comes as no surprise that so much news helped to lift talkRA’s visitor numbers to the highest they have ever been. 2012 was the year I saw talkRA take on a new significance it has never had before. As more and more information goes on-line, and as we all become accustomed to hearing the full uncensored story of events, it became plain that we were not going to hear a single peep about major stories like Connectiva’s demise except through channels like talkRA. It is not good enough for somebody to equate journalism or knowledge sharing with taking a stapler and binding together a series of adverts pushed by companies wanting to sell something. Sometimes the greatest news story occurs where nobody is selling anything, but we still need to know about it, and that will be increasingly true as cybercrime casts an ever darker shadow over our domain. Though 2012 was unprecedented, I expect 2013 is going to be an even more dramatic year for our field. And because of the nature of the unfolding events, I predict there will be only one place to read the full story – and that place is right here.

Alex Leslie, then Executive Director of the Global Billing Association, talking about the rise of data services for a Billing Plus interview on October 10th, 2003?

Me, Eric Priezkalns, writing about the changing profile of risk and maturity in a talkRA post on April 20th, 2007?

Before I give the answer, let me explain why I ask the question. In the context of rapidly-changing communications technology, plain old voice is an ancient product. Most telcos still make most of their money from this very mature revenue stream. That is the problem with the sector – it has to transition to earning more from newer streams as voice revenues and margins are eroded. But I want to know one simple thing: for all the work that has been done on assuring revenues and reducing leakages, what has been the measurable benefit for old, established, revenue streams like voice? Instead of telling me how much is wrong with the world – a somewhat pointless task, as we can only estimate errors we can imagine – I want to start hearing about the cumulative improvement to the bottom line, as delivered by revenue assurance. I want to hear good news stories once in a while, and not just of the type ‘immediately after buying our product, our customer was amazed to find the payback period was just 1.6 seconds’. I want to hear some good news stories of the type that goes: ‘a global survey estimates that revenue assurance added x% to the profits of telecoms operators last year’.

Okay, I can see how estimating benefits would be difficult to do for newer products and services. But not everything is new. Not everything changes all the time. Take voice as an example. Have people delivered some benefit by reducing voice leakage, or not? Did voice leakage come to an end, or at least get reduced to the point where it is not worth the cost of chasing more reductions to leakage? For an industry that claims to be awash with data, metrics, and prize-winning standards, why can we not have a simple analysis of how much good has been done by revenue assurance, at the very least for those big old revenue streams like voice? Even I like to hear some positive news, once in a while.

The answer to the quiz was Alex Leslie – and I have the 10th October 2003 edition of Billing Plus to prove it. And I think he was right. Back in 2003, mature telcos were already on top of revenue leakage from retail voice. They may not have eliminated it, but they had retail voice leakage under control, they had picked the ‘low hanging fruit’ and they were at a stage where they could make data-driven decisions about how much more to invest in curtailing leakage. That was in the year 2003. That was four years before Papa Rob appointed himself Overlord of RA (and fraud too, when he has time to get around to it). That was a year before Hugh Roberts called the first meeting of the TM Forum’s RA Group (and a quiet little guy took the job of hosting the conference calls, because nobody else wanted to). But it was two years after the publication of Managing Successful Revenue Assurance, the seminal text by David Smith, Richard Peachey and Peter Carling. I think we hear plenty of estimates about the challenges ahead. We all know how bad the future might be. It is about time we hear a new argument in favour of revenue assurance. Instead of just saying how bad the future would be without revenue assurance, we should be saying how good the last decade was, because of revenue assurance.

When a frozen gas pedal in Toyota cars was causing driving deaths in the U.S., he says Toyota initially didn’t understand what its core risks were. Toyota at first thought the core risks were around manufacturing automobiles. But it turns out they were really around Toyota’s safety record and product reliability. Very interesting.

In telecom, I assume Professor Greenbaum would classify revenue risks such as RA and fraud management in the ancillary category. But I would love to hear your own opinion of where the distinction between core and ancillary risks falls in our industry.

I am flattered to be asked this tricky question. After nearly 20 years of working in telecoms, I can remember long periods when nobody wanted my opinion, and I have met many people who were sick of hearing my opinions. There are even some people who are no longer able to hear my opinions, no matter how loud I shout. That said, I can only begin to give an answer by repeating one of the stock phrases I have often used, particularly during the times I worked as a consultant. When starting a new engagement, I was usually keen to impress the following on clients:

“When I tell you something, most of the time I will be repeating back something that you told me.”

Why would I be so candid? After all, I make it sound like it is a complete waste of money to employ a consultant. It is often a complete waste of money to employ a consultant, but it is not a complete waste of money to employ me as a consultant. Not usually. There are several reasons to make the statement. Some of them revolve around setting expectations for the client. In other words, if I had a mystery way to make a billion bucks I would not be sharing it for the kind of fees I was charging the client, and if the client shares no information with me, then that will severely limit the usefulness of the exercise. Another reason is to highlight the importance of editing. Good communication is not about sharing everything we know. It is about sharing what the audience needs to hear. That means organizing information and cutting out irrelevances – and there is a good chance that the client has all the information it needs, but is struggling with editing the information for themselves. And another good reason to make my admission is to make the client aware of the messages they give out, so they can start listening to themselves. Here I am talking about communication as more than just what people say to each other. A client tells me many things in many different ways. An extract of computerized data can tell me things about the client. I will be told things by observing how staff behave, their tone of voice, their interpersonal body language and so on. The feedback of the client’s customers can tell me many useful things about the client. And if I keep on listing the ways I ‘listen’ to my clients, then every other consultant will copy my techniques and I will never work again – so I will stop there. But you get the idea by now. A better business can reduce the need for consultants by ‘listening’ to itself. I would be a pretty poor consultant if I walked away, leaving the client feeling that I had done something mysterious that the client was simply incapable of reproducing for themselves, if they want to.

That was rather a long intro to what will be, on the face of it, a very short answer to Dan’s question. I will expand just a little by pointing out the distinction between a core risk and an ancillary risk is a helpful one when we step back and think about the strategy of the business, but it is less helpful when dealing with particular risks. A hurricane does not care if it sits in the ‘core’ or ‘ancillary’ category that I neatly typed up on a workpaper. And if a hurricane comes my way, I hope I focus on the essential task of not being blown away, and do not waste time reflecting on where the hurricane should sit in my risk taxonomy. What makes the distinction useful when considering the business strategy is that it helps to clarify what the business is trying to do and how it will do it successfully. The core risk of a business stems from the activities that give the business a competitive advantage. If we are talking about a genuinely competitive marketplace – and it is worth noting that many telcos are exempt from genuine competition – then the business will succeed precisely because it is better at managing its core risks compared to other businesses. Note that being better at managing a risk is not the same as reducing a risk. The least risky airline would have no planes, the least risky bank would make no loans, and so forth. Being better at managing risk means to deliberately, purposefully take on activities that generate risk, and to do so in such a way that the risk is optimal relative to the return. In other words, when looking at the strategic long-term, there is the greatest positive difference between the range of possible revenue and the range of possible cost, within the bounds sets by the risk appetite of the company’s investors. All I am doing here is merely repeating back what I have heard many wiser people say, but trying to state it in the language of risk management. Those wiser people may talk about ‘sticking to the knitting’ or ‘competitive advantage’, but I believe we are ultimately talking about the same thing. A core risk is inherent to the ‘knitting’, and is an integral component of the source of competitive advantage.

So what is core to a communication provider? I should be able to answer that by repeating back what comms providers tell me they do. Umm. Err… well that would be… err… communication. Now you can see why I stalled for so long before giving the simple answer. But having given it, we can now expand upon the answer, to see why it was a lot less obvious than it should be. To start with, let me start by tackling one obvious question: if communication is core to a communication provider, then why should we believe ‘safety’ is core to Toyota, instead of saying something more obvious like ‘making cars’. I think the difference is that we are wrong if we try to say that what the company does is the same as what the customer wants. Communication is core to communication providers because the motivation of customers is that they want to communicate. In contrast, the motivation of a purchaser of a Toyota car may be more refined than the desire to own a car. Here I want to briefly talk about the psychology of human motivation. Using Maslow’s hierarchy of needs, we can understand that a person may be motivated to attain some goal, and having attained it, their motivation then moves on to something else. At a lower level, the car may provide a basic need for its customer – probably related to commuting to work, going to places to buy necessities and so forth. If the car can perform that task, and satisfy that need, the customer can move on to satisfying further needs – they want a car that is trouble-free in order to optimize the time they spend traveling to social events, they want a car that is increasingly safe in order to safeguard the kids on the school run, and so forth. Or perhaps safety needs are easily fulfilled for the customer, and they are motivated to move on to other needs. Perhaps they buy a speedy two-seater to impress friends and the opposite sex. So what is core to Toyota is more than just fulfilling their customers’ desire for a car. What is core for Toyota is fulfilling the particular motivations that customers associate with Toyota cars, such as reliability. Hence the thrill of rapid acceleration is not core to Toyota in the way it would be core to Porsche.

After giving such an interesting, layered answer about motor cars, why not break out the layers for communication services? One reason not to do that is that I suspect customer motivation is far less nuanced and layered when it comes to buying a communication service. The purchaser of a car may have all sorts of motivations working at all sorts of levels. The purchaser of a phone service only wants one thing: to talk to Aunt Mabel. The consumer’s limited interest in the service provider has been somewhat proven by handset manufacturers. Customers will change network to get a handset they desire; they do not change handset to get the network they desire.

Of course I exaggerate a little, because some of us do not have an Aunt Mabel. But the essential point is that a customer’s motivation has very little to do with the specific features or qualities of the service. They get upset if you do not provide the service – for example, if there is a network outage. But this is not an attribute of the service being provided, it is another way of saying if a service is being provided. Whether the customer wants to talk to Aunt Mabel, or his girlfriend, or her workmate, or a corporate contact on the other side of the world, there is not a lot of nuance in how the communications provider satisfies a human desire. People want to talk to each other. And for all the fuss about modern technology, all communication is a variation on that theme. They might want to hear a voice that responds in real-time. People really want to speak to their loved ones immediately after a disaster is reported on the news. They might want to transmit text and for communication to be asynchronous. The cowardly husband may choose to send an SMS as apology for forgetting a marriage anniversary. But whether the communication involves sound, video, text, or occurs 1-way, 2-way, 3-way or more, all communication is motivated by somebody communicating to somebody else. At the extremes we get a business creating entertainment which they intend to share (at a price) with millions of people in an extremely one-sided mode of communication, or we might get the any-to-any anarchy of internet communication. Even at the extremes, the motivation stems from the content of the message and the audience, not from the technology. And therein lies the greatest core risk to telcos: that they cannot differentiate between themselves, and their services all tend to be commoditized.

I have glossed over an important distinction so far. Communication providers actually do very different things, even if they seem to be doing similar things to the outside world – and some communication providers are simply unknown to the outside world. A network operator is responsible for a lot more of the ‘communicating’ than many other kinds of communications provider. So they have a very particular profile for a certain kind of core risk relating to customer motivation. Going back to Maslow’s hierarchy, it is possible to attain a certain level of motivation, but then be dragged back down as lower-level needs are put into jeopardy. For example, nobody much cares about browsing an apps store for the latest entertaining game whilst being chased down the street by a mad axe murderer. When mad axe murderers come calling, then most of us want to call the police.

Network operators hence have a very particular risk dynamic relating to availability, reliability, disasters and continuity. The nature of disasters means that a lot of people will want to make calls at precisely the time when a network is most likely to be rendered inoperable. This creates a very acute core risk for a network operator – if they operated in a free market. In a truly free market, the operator might engage in exploitative practices to earn increased profit, by dramatically increasing the cost of a call in response to spikes in demand or to take advantage of the outages suffered by rival networks. And in a way, that might be fair to customers, because people may consciously or unconsciously prefer pricing models where they get a cheap service to call their Aunt Mabel on the weekend, and where the cost of that call is not inflated by an overhead needed to build a robust network, able to persist through disasters or cope with extreme spikes of demand.

By now, my discussion has become somewhat too theoretical, because the truth is that no network operators face competitive choices like these because governments will have already intervened to impose their own demands for how the networks support society. In practice, governments will allow a moderate overcharging of the call to Aunt Mabel in exchange for the increased investment to provide the extra network robustness at times of stress. So some of the risk dynamic is translated from the original dimensions of core risk, which assume a competitive marketplace, to an alternative core, where risk is driven by the deals struck between government and monopolistic and oligopolistic enterprises like network operators. In this alternative core, the key parameters of risk all condense on the negotiation with government, which both sets demands (like keeping a network running at times of stress) and can set prices (limiting the extent of true competition as a way to engineer profits that will finance certain kinds of investment desired by government). Of course, not all risk is translated into the negotiation with government, as there is still the actual decision-making about how to build and run a network, so the operator is still looking to attain the desired level of robustness at the least price.

At the other end of the spectrum, providers who have no network will tend to be relying on network providers to ensure continuity of service, though it is also fair to observe that inter-dependency is inherent to network providers too. The side of telecoms which faces the end customer is the side which tends to be most competitive. Here the core risk is genuinely a product of how to compete effectively, and it is relevant to review the various strategies outlined by Michael Porter e.g. cost leadership, innovation etc. Like airlines, comms providers can struggle to find non-superficial ways to differentiate themselves. Two competitors might buy and deploy the same technology, they will respond to changes in their rival’s tariffs and so on. Once the market is mature and saturated, key decisions for these providers will relate to cost management and procurement choices. However, we must bear in mind that even a basic set of customer requirements must be satisfied, so the challenge is for telcos to keep costs low whilst still meeting those requirements, and without suffering some other form of disadvantage – like fraud. But as Dan suggests, we can draw a line and say that cost optimization is the core risk whilst the acute desire to keep costs low has an influence on ancillary risks like fraud or underperforming staff.

As you can see, I have very rapidly narrowed down on a few potential candidates for the core risks: limited and short-lived opportunities for competitive differentiation; regulatory, legal and political risk relating to the basic economics of the business model; continuity and resilience for networks; and cost management as far as that underpins cost leadership. Obviously telcos suffer from far more risks than just the few I placed in the core, but I really do not feel we see the variety of customer motivation necessary to include a wider range of risks in the potential selection of the core. Customers of Apple, Toyota and HBO may have some very sophisticated motives when choosing their preferred supplier over the competition. Users of a phone service just want to speak to their Aunt Mabel. In doing so, they take some things for granted. They want the service to be available (within reason). They want to be charged accurately, per the tariff they agreed (or per how it was described to them). They want the quality of the line to be adequate, for the call not to drop and so forth. Most people are reasonable; they do not expect more than they were promised. So a lot of risk can occur where promises are not kept. I consider these risks to be ancillary because both sides should generally expect these promises will be kept. If they are not kept, then customers should rightly get upset. But the point I am making here is that these should be treated as essentials for being in business. They are not sources of competitive advantage in the normal sense.

Competitive advantage comes from satisfying a human motivation where the person does not already take this satisfaction for granted. Managing the risks that surround the satisfaction of this human goal is what gives a business its identity as a certain kind of business. However, being able to satisfy the most basic expectations of a commercial relationship is not an element of competitive advantage. If a business does not do that, the issue is not one of improving its risk management, but of attaining competency. And if the business is not competent, then it is reasonable to ask why it exists in the first place, because a free market should see incompetent businesses being quickly driven out of business. This can become muddled for many comms providers, precisely because of the tendency toward natural monopolies in networks, and because of the anti-competitive aspects of many relationships between comms providers and the state.

Revenue Assurance Book

Since its release, the talkRA book, Revenue Assurance: Expert Opinions for Communications Providers (ISBN 9781439851500) has gained praise from critics and topped the sales of revenue assurance books on Amazon. Available in hardback and as a Kindle e-book, Tony Poulos called it "a must for anybody that works in RA". Read more about its contents and see the list of worldwide stockists here.

Moving to Commsrisk

After 6 years at talkRA.com, we are changing the site's name to Commsrisk and moving the content to a new domain, commsrisk.com. The Commsrisk website is now online, and the same articles will be published on both sites in parallel, whilst the new site is undergoing beta testing. Please bookmark the new site, try it, let us know of any bugs you find, and tell your friends about the transition.